US-NJ, IT Security Specialist II Job 443160200A1-MZ
|Requisition ID 50773BR|
Title IT Security Specialist II
Job Category Information Technology
Job Description PURPOSE:
Supports daily security operations and wide range of IT security activities including network and system security monitoring, tuning and management of IT Security systems and applications in addition to supporting incident response activities. Individuals in this position will also have additional duties assisting with the implementation of IT security strategy and serving as a security advisor to ensure IT systems are implemented and maintained to the highest security standards. Individuals in this position will demonstrate expertise of current enterprise technologies and will also be responsible for performing technical risk and vulnerability assessments at the network, system and application level. Some responsibilities developing and implementing security controls and formulating operational risk mitigations.
Reports directly to the Director IT Security and Quality. Will work closely with IT operations staff, application development teams, project managers, external IT vendors and consultants, Legal and Human Resources Departments in addition to supporting the global IT security organization.
While the IT Security Specialist II will have a broad range of daily responsibilities this position will have specific duties regarding the administration, tuning, and maintenance of TippingPoint Intrusion Prevention Systems (IPS) in order to ensure that operational effectiveness and service levels are appropriately maintained.
Assists in developing implementation plans, project schedules and deliverables while working within budget guidelines. Assists in the development and implementation of security policies, procedures, and best practices. Assists in the IT Security planning and budgeting process. Performs systems administration, upgrades and change management for IT Security systems and applications. Experience with network intrusion detection and intrusion prevention technologies and packet level network traffic analytic tools such Wireshark. Researches and evaluates new security tools, techniques and technologies and introduces them in to the enterprise in alignment with IT security strategy. Experience with common security, vulnerability assessment and penetration tools including Nessus, nmap, WebInspect, AppDetective, and Metasploit desirable. Familiarity with cryptographic principals, and common encryption schemes such as symmetric/asymmetric encryption, hashing, SSL/TLS, IPSec, PGP, S/MIME, SSH, PKI. Familiarity with security standards and guidelines such as ISO 27002, COBIT, SARBOX, CIS Benchmarks, NIST, PCI and HIPAA. Functional knowledge of programming, scripting and markup languages such as C++, Java, Perl, Ruby, Python, PHP, Visual Basic, ASP, HTML, XML, XSS, .Net/C# and shell scripting desirable. Knowledge of incident handling processes, methods and best practices. Knowledge of MS-SQL, Oracle, and MySQL databases and database level security controls desirable. Knowledge of network, system, and application forensics as well as basic chain of custody, evidence preservation and digital investigative techniques. Knowledge of web application security best practices, web application testing methodologies and tools as well as OWASP guidelines. Strong knowledge of centralized logging and security event management best practices, , event correlation, as well as experience with UNIX and network equipment syslog data, Windows Event Log, and application (database, web server, dns, dhcp, ) log analysis. Strong working knowledge of Linux, UNIX, and Windows operating systems as well as hardening standards and methodologies for each. Strong understanding of TCP/IP networking including switching and routing protocols, OSI Model, and packet level analysis.
Approximately 15% overnight travel
Additional Information QUALIFICATIONS
* A Bachelor’s degree in Computer Science, Information Systems, and or Electrical Engineering is required; relevant experience may be substituted for degree when appropriate.
* A minimum of 5 years of progressively responsible relevant experience.
* Ability to lead a project in the development and implementation of processes and technology.
* Ability to develop and maintain relationships within the global organization.
* Strong attentional to detail is required.
* Experience with incident response and digital forensics a plus.
* Vendor neutral technical certifications (such as SANS certifications) preferred.
* Vendor sponsored and professional certifications (CISSP, CISA, MCSE, RHCE, CCNP) desirable.
Department FIN - IT SECURITY
Position Location US - Plainsboro, NJ
State/Provinces US - NJ
Job/Position Country US
At Novo Nordisk, we know that driving change on a global level and improving treatment outcomes for people with diabetes and other chronic diseases begins here at home. That's why we make an unmatched commitment to our employees, our families and our communities. That means outstanding rewards, industry-leading training programs, and an environment that supports you to achieve your goals at every level. It's all part of the Novo Nordisk Way. It includes our Vision and our commitment to the Triple Bottom Line principle – helping us find the right balance between compassion and competitiveness
With a career at Novo Nordisk, you’ll feel a difference right from the start. It’s a sense of inspiration and mobility that comes from a shared belief in driving positive change for people, families, and communities everywhere. Congratulations on taking your first step!
Novo Nordisk is committed to equal employment opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, physical or mental disability, medical condition, veteran status, genetic information, or any other characteristic protected by federal, state, or local law.
Please visit our website at www.novonordisk.com